Mozilla’s New Update Fixes Vulnerabilities in Firefox

Mozilla released ten security patches on February 8, 2008, to fix vulnerabilities in its Firefox browser, at least three of which are critical flaws. Firefox version 2.0.0.12 is the latest version of the browser.

The update, Mozilla's first for 2008, corrects critical issues relating to the way Firefox handles Web-browser history, cross-site scripting, privilege escalation, and other security holes that could cause crashes due to memory corruption.

According to Mozilla's advisories released on February 7, 2008, exploitation of the vulnerability in Web-browsing history could allow execution of arbitrary software on a user's PC, while by exploiting the privilege escalation flaw, an attacker could inject code into a targeted site. SC Magazine reported this on February 8, 2008.

Unlike other vendors, Mozilla marks security flaws as "critical" even when it is not sure that an exploit would allow the introduction of malicious code. The description of the JavaScript engine vulnerability, for instance, reflects Mozilla's conservative approach. The write-up said that some of the crashes showed evidence of memory corruption, and that Mozilla presumes that, with enough effort, at least some of them could be exploited for arbitrary code execution.

Mozilla also plugged a "high" risk hole in the way Firefox handles URI (Uniform Resource Identifier) schemes. The browser's URI vulnerability, discovered by security researcher Gerry Eisenhaur, received the greatest publicity. That vulnerability, which, according to Eisenhaur, could be exploited by an attacker through numerous Firefox extensions, had been discussed in many blog postings by Mozilla's Chief of Security, Window Snyder. ComputerWorld reported this on February 8, 2008.

The bug can also be exploited to capture the contents of Firefox's sessionstore.js file, which holds data for session cookies and information relating to publicly accessible sites.

The final critical bug is a memory corruption flaw that, with adequate effort, could be exploited to execute arbitrary software, Mozilla said. The Washington Post reported this on February 8, 2008.

While Mozilla's developers update the Firefox 2.x series with the relevant patches, work is also under way on the next generation of Firefox.


» SPAMfighter News - 15-02-2008
